1. Field of Invention
Various embodiments of the invention relate in general to data communication applications. More specifically, the various embodiments of the invention relate to methods and systems for controlling access to the data communication applications.
2. Description of the Background Art
Examples of the data communication applications may include instant messaging applications, email applications, and the like. Communication of information that is confidential, or can be a reason for unnecessarily overloading the network, should be avoided. This information can be in the form of emails, instant messages, and files transferred by using emails or instant messaging (IM) applications, and voice mails. IM applications can be considered to be commonly abused data communication applications, mainly because of the unavailability of an easily accessible record of data communication taking place among the users. IM provides the ability to easily check whether friends or co-workers are connected to the network, and, if they are, to exchange messages with them. Examples of the network may include a Local Area Network (LAN), a Wide Area Network (WAN), an intranet, an extranet, the Internet, and an enterprise network. IM applications are primarily used for online chatting in the network. However, users can abuse these applications. For example, users in an enterprise may transfer confidential data pertaining to the enterprise, in the form of files, to third parties. Moreover, IM applications are also used for network attacks, and to spread viruses and other security threats on the network.
Conventional techniques, used to control IM applications, include using a stand-alone proxy server through which each IM application running on the network of the enterprise connects. The proxy server is used to define and enforce a security policy on IM applications running in the enterprise. However, using a proxy server is an enterprise-level solution and can be overkill in Small Office Home Office (SOHO)-level networks and other low-end user networks. SOHO-level and low-end user networks need an easy solution to control IM applications.
Other than using the proxy server, conventional techniques include the use of a firewall deployed on a router in the network, which can enforce the security policy on IM applications. The firewall controls the IM applications crossing the boundary of the network, and blocks access to an IM application by using an IP address corresponding to a server of the IM application. Most of the servers of IM applications, hereinafter referred as IM servers, use a set of dynamic IP addresses. Therefore, each query to an IM server of the IM application, hereinafter referred to as a DNS query, results in a different IP address from the set of dynamic IP addresses. Furthermore, the set of dynamic IP addresses can also be changed without prior notice. Therefore, it is difficult to maintain an IP address-based access control list (ACL) in a router, to control access to IM applications.
An IM server can communicate data through a number of ports that is more than the number assigned by the network administrator for data transfer. Moreover, the IM server can communicate the data through many unrelated ports that are allocated to other well-known applications, such as telnet, file transfer protocol (ftp), and simple mail transfer protocol (SMTP). When assigned ports are blocked, clients using the IM server can detect this automatically and can be configured to communicate the data through the unrelated ports assigned to other applications. Hence, the IM server is able to communicate the data through any port that is allowed to pass through the firewall.
Therefore, the mechanisms, as described above, can easily break the existing firewall to communicate data that should not be allowed to travel across the network.